Unity Linux 20.1070e Security Update: python-ldap (UTSA-2026-007085)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007085 advisory. python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, ldap.dn.escapednchars escapes \x00 incorrectly by...

python311-lupa-2.7-1.1 on GA media (moderate)

python311-lupa-2.7-1.1 on GA media Announcement ID: openSUSE-SU-2026:10507-1 Rating: moderate Cross-References: CVE-2026-34444 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +734 more potentially affected by unknown CVE via litellm (>=1.0.0 <=1.82.6)

litellm PYPI version =1.0.0, =0.0.1, =0.0.1a0, =0.3.5, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 - agent-opt =0.0.1 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-LITELLM-15928842...

ai-dynamo (=0.1.0), bento2seldon (>=0.1.0 <=0.4.0) +16 more potentially affected by CVE-2026-35043 via bentoml (>=0.10.1 <=1.4.3)

bentoml PYPI version =0.10.1, =0.1.0, =0.1.0, =0.0.10, =0.0.5, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.0.1, =0.0.1, =0.0.13 and more Source cves: CVE-2026-35043 Source advisory: OSV:PYSEC-2026-158...

Claude SDK For Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape

The async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory, but then returned the unresolved path for subsequent file operations. A local attacker able to write to the memory directory could retarget a...

0xpwn (=0.1.1), a2a-acl (=0.0.14) +160 more potentially affected by CVE-2026-35030 via litellm (>=1.80.9 <=1.82.6)

litellm PYPI version =1.80.9, =0.0.1a0, =0.7.3, =0.1.46, =0.0.1, =0.1.14.13, =0.5.2, =0.1.0, =0.10.0, =2.0.0, =2.0.0, =2.0.1 - browser-use =0.12.4 and more Source cves: CVE-2026-35030 Source advisory: SNYK:PYTHON-LITELLM-15907831...

01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +734 more potentially affected by CVE-2026-35029 via litellm (>=1.0.0 <=1.82.6)

litellm PYPI version =1.0.0, =0.0.1, =0.0.1a0, =0.3.5, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 - agent-opt =0.0.1 and more Source cves: CVE-2026-35029 Source advisory: SNYK:PYTHON-LITELLM-15907616...

CLSA-2026-1775222005 python: Fix of CVE-2025-15367

CVE-2025-15367: reject control characters in POP3 commands to prevent command injection via newlines...

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1217 more potentially affected by CVE-2026-34519 via aiohttp (>=3.0.0b0 <=3.13.3)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34519 Source advisory: SNYK:PYTHON-AIOHTTP-15873731...

GHSA-W828-4QHX-VXX3 Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape

The async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory, but then returned the unresolved path for subsequent file operations. A local attacker able to write to the memory directory could retarget a...

GHSA-Q5F5-3GJM-7MFM Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool

The local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read...

Incorrect Permission Assignment for Critical Resource

Overview anthropic is a The official Python library for the anthropic API Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource in the local filesystem memory tool due to files being created with overly permissive permissions. An attacker can...

acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +370 more potentially affected by CVE-2026-34447 via onnx (>=1.10.1 <=1.20.1)

onnx PYPI version =1.10.1, =0.1.0, =0.1.0, =0.0.0, =0.0.157, =0.1.0, =0.1.8, =1.7.0, =1.3.0, =0.10.0, =0.3.1, =1.0.2 and more Source cves: CVE-2026-34447 Source advisory: SNYK:PYTHON-ONNX-15873763...

MAL-2026-2405 Malicious code in eht-account (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7e1fa4f35985059ad18e3e325fc65e1d25a5692cc9690a4b15af2d76492b95fe Clones of a legitimate library. During processing the private key, it's getting exfiltrated. --- Category: MALICIOUS - The campaign has clearly malicious inten...

CLSA-2026-1775059689 python: Fix of CVE-2025-15367

CVE-2025-15367: reject control characters in POP3 commands to prevent command injection via newlines...

CLSA-2026-1775058454 python: Fix of CVE-2025-15366

CVE-2025-15366: reject control characters in IMAP commands to prevent command injection...

OPENSUSE-SU-2026:10476-1 python311-Pygments-2.20.0-2.1 on GA media

These are all security issues fixed in the python311-Pygments-2.20.0-2.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-34452

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory, but then...

CVE-2026-34452

CVE-2026-34452 (Claude SDK for Python) affects the async local filesystem memory tool in the Anthropic Python SDK. From versions 0.86.0 up to before 0.87.0, path validation incorrectly allowed union of model-supplied paths to be validated inside the sandbox but the unresolved path to be used for ...

[SECURITY] Fedora 44 Update: python-pycparser-2.22-8.fc44

pycparser is a complete parser for the C language, written in pure Python. It is a module designed to be easily integrated into applications that need to parse C source code...